Inside the Head of a Hacker

The birth of the internet led to the rise of the hacker. Only a small minority (8% in 2014) of all data breaches are inside jobs. Nearly half of such breaches point to hackers who could be sitting next door or across the world. As technology evolves and becomes more complex, so do hackers and their capabilities — constantly devising new security threats.

There have been many high-profile hacks in the past few years, with victims ranging from Sony to LinkedIn to the Democratic National Committee.

How do people become hackers? What are their motivations? What do they do with the information they steal? Here we get inside the head of hackers to find out what makes them tick.

Not All Hackers Are the Same

What comes to mind when you think of a hacker? For many, the image is of a ‘lone wolf’ hacker, usually a young male, wearing a hoodie and hacking in the dim light of a basement.

Certainly, this is the profile of many hackers, but it’s important to understand not all hackers are the same. There are seven main types of hackers, each with different skills, motivations, and experiences.

Cyber Criminals

These are the biggest group of hackers. Their motivation is money and they use malware and other illegal methods to steal valuable credit card information and other personal data they can sell on the black market.

Spammers and Adware Spreaders

These are the people behind the spam email hawking you cheap Viagra. They are either paid by a legitimate company to advertise that company’s products, or they are selling their own. They are nowhere near as malicious as the cyber criminals, but they can still be pretty irritating.

Advanced Persistent Threat (APT) Agents

APT agents are a real threat to companies, often working together as part of professional teams. Rather than trying to steal from your company, they are trying to be your company. They want to get valuable intellectual property to either duplicate your company’s products and ideas, or to sell them to the highest bidder.

Corporate Spies

Corporate spies are looking for a particular piece of intellectual property or competitive information. They usually aren’t as well-organized as APT agents, and they are more interested in short- or mid-term financial gains.

Hacktivists

Hacktivists are often part of groups like Anonymous or Wikileaks. They have some kind of political, religious, or social ideology and choose their targets accordingly.

Cyber Warriors

Cyber warriors have military goals, and everything they do is focused on a particular military objective. The Stuxnet worm is a high-profile example of cyber warriors at work.

Rogue Hackers

These are the hackers stereotypes are made of. They are the petty criminals of the hacking world, not interested in much other than proving their skills and boasting to their friends. A nuisance, to be sure, but unlikely to cause as much pain as any of the other six types of hackers.

All these classifications of hackers hack for at least one of these three reasons: for fun, to steal, or to disrupt. Many hackers talk about being motivated by the sheer thrill of the activity.

Becoming a Hacker

After reviewing the types of hackers, we have a better idea of their motivations. But how do they become hackers in the first place?

It’s easier than ever to become a computer hacker. There are literally courses and how-to articles written for those who want to become hackers. Most of the people who develop the skills necessary for hacking use them for developing applications and programs, rather than for anything nefarious.

But then there are those who turn to hacking. Bright, technologically savvy, and more prone to risk-taking than others, hackers cut across a wide range of backgrounds and incomes. They include the novice “script kiddies,” often teenagers without much skill who rely on readily available tools, and the expert malware coders, who are much more sophisticated.

Serious hackers often get their start at underground markets; they shop around for products like trojans, ransomware, and bots to carry out their own theft. These underground markets are hidden from the public with cryptographic features to keep them safely hidden in the “darknet.”

Armed with the tools to conduct their own cyberattack, a hacker will attempt to achieve their goal, whether it is simply to prove they can infiltrate a network, or to steal personal data.

If they are able to steal personal data, they will return to the market where they purchased their tools. One thousand email addresses sell for between 50 cents and $10, while credit card details can go for anywhere from 50 cents to $20.

The hacker will then use a money mule to launder their money and deposit it in their bank account. The money mule will charge a small percentage to keep for themselves, but the service will be worth it to the hacker, to be able to hide his or her tracks.

And what comes after a hacker is done being a hacker? Well, some go straight and are hired by companies or governments to help them with their security.

In the Netflix TV show House of Cards, former hacktivist Gavin Orsay was caught by the FBI. Rather than serve a long prison sentence, he agreed to use his skills to help the FBI catch criminals.

The fictitious plot line was inspired by similar real-word examples. In 2001, a 20-year-old Ukrainian hacker turned himself into the FBI and began working for them — sort of. In the UK, a former member of Anonymous joined a payments and cybersecurity company, after being arrested and serving a 20-month suspended sentence.

Of course, that is a best-case scenario for serious hackers who get caught. Others may spend much longer in jail, such as one 26-year-old hacker in Turkey who was recently sentenced to more than 300 years in jail.

It was an inauspicious end to his hacking career, and is a strong reminder to any wannabe hackers out there — no matter how great the adrenaline rush of hacking, and how good it feels to steal data or disrupt entire systems, it may not be worth it in the end.